Le géant mondial de la distribution IT, Ingram Micro, est frappé depuis le 3 juillet 2025 par une attaque ransomware inédite. Les systèmes sont paralysés et l’ensemble de l'approvisionnement est perturbé. Derrière cette opération, le groupe de cybercriminels SafePay, qui a exploité une faille critique pour s’introduire dans les réseaux de l’entreprise.

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that’s all it takes. Staying safe isn’t just about reacting fast. It’s about catching these early signs

If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's default password "1111." This narrow escape prompted CISA to urge manufacturers to

L’équipe Application and Threat Intelligence (ATI) de Keysight a mis au jour une nouvelle faille d’échange TLS (Transport Layer Security). Cet exploit tire parti d’un comportement conforme au protocole pour contourner les défenses réseau classiques. Le canal secret découvert permet aux attaquants de modifier les paquets d’échange TLS en réorganisant simplement les paramètres, sans injection […]

The post Keysight dévoile des canaux TLS cachés capables d’éviter les défenses réseaux first appeared on UnderNews.

L'Amazon Prime Day (qui s’étend sur 3 jours, malgré son nom) débute le 8 juillet 2025. L'occasion pour des millions de consommateurs de dénicher les bonnes affaires sur la plus grande marketplace du monde. C'est aussi un terrain de chasse privilégié pour les hackers qui souhaitent profiter de la frénésie ambiante.

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy, an adversarial collective assessed to be an operational sub-cluster within

OpenAI has again confirmed that it will unify multiple models into one and create GPT-5, which is expected to ship sometime in the summer. [...]

Notepad now lets you use markdown text formatting on Windows 11, which means you can write in Notepad just like you could in WordPad. [...]

OpenAI's "Study together" mode has been spotted in the wild, and it could help students prepare for exams directly from ChatGPT. [...]

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...]

[Deal du jour] Un gestionnaire de mots de passe est indispensable si vous multipliez les comptes sur diverses plateformes et sites web. Proton Pass fait partie des meilleurs dans ce domaine, et en passant par Numerama, vous bénéficiez en ce moment d'une belle réduction sur l’abonnement annuel Pass Plus.

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-"coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders," Wiz researchers Yaara Shriki and Gili

Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. [...]

ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. [...]

IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. [...]

A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...]